Privacy Policy and Data Security

Data protection information of GÖDE-Foundation

From 25 May 2018, the provisions of the EU General Data Protection Regulation
(hereinafter referred to as: GDPR) will apply across Europe. Below, we
wish to inform you of the processing of personal data carried out by
GÖDE-Foundation in accordance with this new regulation (see Article 13
GDPR). Please read our data protection information carefully. Should you
have questions or comments concerning this data protection information,
you can contact us via the email address stated in Number 2 at any
time.

The following data protection notice informs you of the type and scope of processing of so-called personal data by GÖDE-Foundation. Personal data is information which can be directly or indirectly attributed or assigned to your person.

By accessing the website
of GÖDE-Foundation, various information will be exchanged between your
end device and our server. This can also include personal data. The
information which is gathered in such a way is used, amongst others, to
optimise our website or to display advertising in the browser of your end device.

In accordance with the guidelines of the GDPR, you have various rights which you can claim in relation to us. Amongst others, this includes the right to raise an objection in
relation to selected data processing, in particular for advertising
purposes. The option to raise an objection is available in typographical
form.

Should you have any questions concerning our data
protection notice, you can contact our company data protection officer
at any time. The contact details are below.

2.
Name and contact information for the person responsible for the
processing, as well as for the company data protection officer

The company data protection officer
of GÖDE-Foundation can be contacted at the above-mentioned address,
Customer Data Protection Department and via email by
data-protection@gravitation.org.

3. Purpose of
the data processing, legal basis and legitimate interests which are
pursued by GÖDE-Foundation or a third party, as well as categories of
recipients

3.1 Accessing our website

When
accessing our website, information is automatically sent to the server
of our website by the browser being used on your end device and is
temporarily saved in a so-called log file. We do not have any control
over this. The following information is recorded in such a case without any action on your part and is saved until automated deletion:

The IP address of the requesting device with Internet capability

The date and time of the access

The name and URL of the accessing file

The website from which the access took place (referrer URL)

The
browser used by you and, if applicable, the operating system of your
device with Internet capability and the name of your access provider.

The legal basis for the processing of the IP address is
Article 6 Paragraph 1 Letter f) GDPR. Our legitimate interest arises
from the following purposes of data gathering listed below. We now wish
to point out that we are not directly able to trace your identity
through the data gathered by us and that this is not carried out by us.

The IP address of your end device, as well as the other data listed above is used by us for the following purposes:

Ensuring a seamless establishment of a connection

Ensuring comfortable use of our website

Evaluation of system security and stability

The
data is only saved for as long as is necessary to fulfil the purpose of
the saving of the data and is then automatically deleted. In addition,
we use so-called cookies, tracking tools and targeting procedures for
our website. A more precise explanation of this process and how your
data is used for this can be found in Number 3.4 below.

Should you have agreed to so-called geo localisation
in your browser or in the operating system, we use this function in
order to offer you individual services which are based on your current
location. Your location data which is processed in this way is only
processed by us for this function. The data is deleted once you end the
use.

3.2 Online presence and website optimisation

Cookies – general notice

We
use so-called cookies on our website. Should these cookies concern
personal data, the use takes place in accordance with Article 6
Paragraph 1 Letter f) GDPR. Our interest in optimising our website is
considered to be justified under the regulation referred to above.
Cookies are small files which are automatically created by your browser
and which are saved on your end device (laptop, tablet, smartphone etc)
when you visit our website. Cookies do not cause any damage to your end
device and do not contain any viruses, trojan horses or other malicious
software. Information which is gathered in connection with the specific
end device being used is stored in the cookie. However, this does not
mean that we obtain direct knowledge of your identity as a result. One
of the purposes of the use of cookies is to make the use of our service
more attractive to you. For this purpose, we use so-called session cookies
in order to recognise that you have already visited certain pages of
our website or have already registered through your customer account.
These are automatically deleted when you leave our website. In addition,
we also use temporary cookies for the purpose of user
friendliness. These are saved on your end device for a specified period
of time. Should you visit our website again in order to use our
services, it is automatically recognised that you have already visited
our website and what entries and settings you carried out, so that you
do not need to do this again.

We also use cookies in order to record statistics concerning
the use of our website and for the purpose of evaluating the
optimisation of our services for you, as well as to provide you with
special information tailored to you. These cookies enable us to
automatically recognise that you have already visited our website,
should you visit our website again. These cookies are automatically
deleted after a defined time. Most browsers accept cookies
automatically. However, you can configure your browser in such a way
that no cookies are saved on your computer or that a notice always
appears before a new cookie is deposited. However, if you fully
deactivate cookies, this may mean that you cannot use all functions of
our website. The period of time for which the cookies are saved depends
on their purpose of use and is not the same for all of these.

Google Analytics

For
the purpose of tailoring our website to requirements and for the
purpose of ongoing optimisation, on the basis of Article 6 Paragraph 1
Letter f) GDPR, we use Google Analytics, a web analysis service of
Google Inc (“Google”). During this process, pseudonymised usage profiles are created and cookies are used. The information concerning your use of the website generated by the cookie, such as

browser type/version

operating system used

referrer URL (the preceding site visited)

host name of the accessing computer (IP address)

and time of the server query

are
transferred to a Google server in the USA and saved there. The
information is used to evaluate the use of the website, to compile
reports concerning the website activities and to provide further
services connected to the use of the website and use of the Internet for
market research purposes and to ensure the design of these Internet
sites is tailored to requirements. This information may also be
transferred to third parties, should this be required by law or should
third parties process this data on our behalf. Under no circumstances
will your IP address be combined with other data by Google. The IP
addresses are anonymised, so that it is not possible to attribute these (so-called IP masking).

You can prevent
the installation of the cookies by setting your browser software
accordingly. However, we wish to point out that in such a case, you may
not be able to fully use all functions of this website. You can also
prevent the recording of the data generated by the cookie and which
relates to your use of the website (including your IP address) and the
processing of this data by Google by downloading and installing this browser add on.
As an alternative to the browser on, particularly in the case of
browsers on mobile end devices, you can also prevent the recording by
Google Analytics by clicking on this link. An opt out
cookie is set, which prevents the future recording of your data when
visiting this website. The opt out cookie is only valid in this browser
and only for our website and is set on your device. Should you delete
the cookies in this browser, you need to reset the opt out cookie.
Further information concerning data protection in connection with Google
Analytics can be found on the website of Google Analytics.

4. Recipients outside of the EU

Apart
from the processing of your data by us or by service providers engaged
by us in Switzerland in accordance with the GDPR, with the exception of
the processing stated under 3.4.2 we do not pass your data on to
recipients headquartered outside of the European Union or European
Economic Area. The processing named under 3.4.2 leads to a data transfer
of the servers of the providers of tracking and targeting technologies engaged by us. These servers are located in the USA. The data transfer takes place in accordance with the principles of the so-called Privacy Shield and on the basis of so-called standard contractual clauses of the EU Commission.

5. Your rights

Overview

Whenever
your personal information is processed by us under the terms of the
GDPR and the relevant legal requirements are met, you have the following
rights:

Right to information in relation to
your personal data saved by us in accordance with Article 15 GDPR; in
particular, you can obtain information concerning the processing
purposes, the category of the personal data, the category of recipients
to whom your data was or is being disclosed, the planned period of
saving and the origin of your data, should this not have been obtained
from you directly.

Right to correction of incorrect data or to completion of correct data in accordance with Article 16 GDPR.

Right to deletion of
your personal data saved by us in accordance with Article 17 GDPR,
unless statutory or contractual retention periods or other statutory
rights and obligations concerning the continued saving of the data must
be complied with.

Right to restriction of the
processing of your data in accordance with Article 18 GDPR, should the
correctness of the data be disputed by you, should the processing be
unlawful but you reject its deletion, should the responsible body no
longer require the data however you require it in order to claim,
exercise or defend legal claims or should you have submitted an
objection to the processing in accordance with Article 21 GDPR.

Right to data transferability in
accordance with Article 20 GDPR, ie the right to be provided with
selected data saved by us in a current, machine readable format or to
request the transfer to another responsible body.

Right to complain to
a supervisory authority. As a rule, you can contact the supervisory
authority of your usual place of residence or place of work or of our
place of business in this respect.

Right of objection

In line with the requirements of Article 21 Paragraph 1 GDPR, the
processing of data can be objected to for reasons connected to the
specific situation of the affected person.

The general right of objection applies
to all processing purposes described in this data protection
information which are carried out on the basis of Article 6 Paragraph 1
Letter f) GDPR. Except for the special right of objection relating to
the processing of data for advertising purposes (see 3.3.3 above),
according to the GDPR we are only obliged to implement such a general
objection if you state significant reasons for such (for example
possible danger to life or health). In addition, you have the option of
contacting a supervisory authority or competent body, should you have a
reason to object.

6. Data security

All
data transmitted by you personally, including your payment data, is
transferred with the generally normal and secure standard SSL (secure
socket layer). SSL is a secure and trusted standard, which is also used
in online banking for example. Amongst others, you can recognise a
secure SSL connection by the attached s in the http (for example
https://…) in the address list of your browser or by the key symbol in
the lower part of your browser.

We also use suitable technical and
organisational security measures in order to protect your personal data
saved by us against manipulation, partial or complete loss or
unauthorised third party access an endeavour to constantly improve our
security measures in line with technical developments.

7. Changes to the data protection information

Technological
developments, statutory guidelines or differing processes may also
impact on this data protection information. Therefore, we reserve the
right to alter this data protection information at any time with effect
for the future. The respective current version of the data protection
information can be found on our website. We recommend that you regularly
visit this document which forms part of our web shop, so that you can
familiarise yourself with the respectively applicable provisions.